Privacy Policy

Last Updated: June 16, 2025

1. Introduction and Legal Basis

Welcome to P2P Donate ("we," "our," "us," or "the Platform"), a peer-to-peer donation platform operating in the Republic of Ghana. We are committed to protecting your privacy and personal data in accordance with Ghana's Data Protection Act 2012 (Act 843) and international best practices.

Data Controller: P2P Donate serves as the data controller for personal information collected through our platform. We are responsible for determining how and why your personal data is processed.

Legal Basis for Processing: We process your personal data based on:

• Your explicit consent when you register and use our services
• Contractual necessity to provide our platform services
• Legal obligations under Ghanaian financial regulations
• Legitimate interests in platform security and fraud prevention

Your Rights: As a data subject under Ghanaian law, you have specific rights regarding your personal data, which are detailed in this policy.

2. Personal Data We Collect

We collect and process various categories of personal data to provide our services effectively and comply with Ghanaian regulations:

2.1 Identity and Contact Information

Required for Account Registration:

• Full legal name (as appears on Ghana Card or valid ID)
• Email address
• Mobile phone number (Ghana-registered)
• Date of birth (to verify age requirement)
• Residential address in Ghana
• Preferred language for communications

2.2 Mobile Money and Financial Information

For Platform Operations:

• Mobile money provider (MTN, Vodafone, AirtelTigo)
• Mobile money account number
• Mobile money account name
• Transaction history within the platform
• Pledge amounts and categories
• Queue positions and status
• Platform token balance and usage

2.3 Verification and Security Data

For Compliance and Security:

• Government-issued ID information (Ghana Card, Passport, etc.)
• Proof of address documents
• Mobile money transaction screenshots/receipts
• Biometric data (if required for verification)
• Account passwords (encrypted and hashed)
• Security questions and answers

2.4 Technical and Usage Data

Automatically Collected:

• IP address and geolocation data
• Device information (type, model, operating system)
• Browser type and version
• Platform usage patterns and preferences
• Login times and session duration
• Pages visited and features used
• Error logs and technical diagnostics

2.5 Communication and Support Data

When You Contact Us:

• Support ticket content and attachments
• Chat messages with other users (for dispute resolution)
• Email correspondence
• Phone call recordings (with consent)
• Feedback and survey responses

3. How We Process Your Personal Data

We process your personal data for specific, legitimate purposes in accordance with Ghana's Data Protection Act 2012:

3.1 Platform Operations

• Account Management: Creating, maintaining, and securing user accounts
• User Matching: Connecting users for pledge transactions based on queue system
• Transaction Facilitation: Enabling mobile money transfers between users
• Queue Management: Maintaining fair and transparent FIFO queue system
• Platform Security: Preventing fraud, abuse, and unauthorized access

3.2 Communication and Support

• Service Communications: Sending account updates, transaction notifications
• Customer Support: Responding to inquiries and resolving disputes
• Platform Updates: Informing users of changes to terms or services
• Educational Content: Providing financial literacy and platform guidance

3.3 Legal and Regulatory Compliance

• KYC/AML Compliance: Verifying user identity and preventing money laundering
• Financial Reporting: Meeting Bank of Ghana reporting requirements
• Tax Compliance: Maintaining records for tax purposes
• Law Enforcement: Cooperating with legitimate legal requests
• Dispute Resolution: Investigating and resolving user conflicts

3.4 Platform Improvement

• Analytics: Understanding user behavior to improve services
• Performance Monitoring: Ensuring platform reliability and speed
• Feature Development: Creating new features based on user needs
• Risk Management: Identifying and mitigating operational risks

4. How We Share Your Information

We may share your information in the following situations:

4.1 Data Sharing with Other Platform Users

For Transaction Completion: When matched for pledges, we share essential information with other users:

• Full name (for mobile money transfer identification)
• Mobile money provider and account number
• Mobile money account name
• Pledge amount and category

Purpose: This sharing is necessary for users to complete mobile money transfers outside our platform.

Consent: By using our platform, you explicitly consent to this necessary data sharing.

4.2 Third-Party Service Providers

Limited Sharing for Operations: We may share data with trusted service providers for:

• Cloud Hosting: Secure data storage and platform hosting
• SMS Services: Sending verification codes and notifications
• Email Services: Platform communications and support
• Analytics: Understanding platform usage (anonymized data only)
• Security Services: Fraud detection and prevention

Safeguards: All service providers are bound by strict data protection agreements.

4.3 Regulatory and Legal Authorities

Mandatory Disclosure: We may share data with Ghanaian authorities when required by law:

• Bank of Ghana: Financial reporting and compliance
• Ghana Revenue Authority: Tax compliance and reporting
• Economic and Organised Crime Office (EOCO): Anti-money laundering investigations
• Courts and Law Enforcement: Valid legal orders and investigations
• Data Protection Commission: Regulatory compliance and investigations

4.4 Business Continuity

Corporate Transactions: In case of merger, acquisition, or business transfer, user data may be transferred to ensure service continuity, subject to the same privacy protections.

5. Data Security and Protection Measures

Technical Safeguards:

• Encryption: All data transmitted and stored is encrypted using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Secure Hosting: Data stored in secure, Ghana-compliant data centers
• Regular Backups: Encrypted backups with secure recovery procedures
• Monitoring: 24/7 security monitoring and threat detection

Organizational Safeguards:

• Staff Training: Regular data protection training for all employees
• Privacy by Design: Data protection built into all system designs
• Incident Response: Procedures for handling data breaches
• Regular Audits: Internal and external security assessments

Limitations: While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but commit to industry best practices.

6. Data Retention and Deletion

Retention Periods:

• Active Accounts: Data retained while account is active and for 7 years after closure (financial record requirements)
• Transaction Records: Maintained for 7 years as required by Ghanaian financial regulations
• Support Communications: Retained for 3 years for quality assurance
• Technical Logs: Retained for 1 year for security and performance monitoring
• Marketing Data: Retained until consent is withdrawn

Secure Deletion: When retention periods expire, data is securely deleted using industry-standard methods to prevent recovery.

Legal Requirements: Some data may be retained longer if required by Ghanaian law or ongoing legal proceedings.

7. Your Privacy Rights Under Ghanaian Law

Under Ghana's Data Protection Act 2012, you have the following rights:

7.1 Right to Information

• Know what personal data we collect about you
• Understand how your data is processed and why
• Know who has access to your data
• Receive clear information about data retention periods

7.2 Right of Access

• Request a copy of all personal data we hold about you
• Receive data in a commonly used, machine-readable format
• Access your data free of charge (first request per year)

7.3 Right to Rectification

• Correct inaccurate or incomplete personal data
• Update your account information at any time
• Request correction of errors in our records

7.4 Right to Erasure

• Request deletion of your personal data (subject to legal requirements)
• Withdraw consent for data processing
• Object to processing for direct marketing

7.5 Right to Data Portability

• Receive your data in a portable format
• Transfer your data to another service provider

How to Exercise Your Rights:

• Submit requests through our support ticket system
• Email us at privacy@p2pdonate.gh
• We will respond within 30 days as required by law
• Identity verification may be required for security

8. Mobile Money Provider Integration

Third-Party Services: Our platform integrates with mobile money providers (MTN, Vodafone, AirtelTigo) but does not directly access your mobile money accounts.

Data Sharing: We do not share your platform data with mobile money providers beyond what you explicitly provide for transactions.

External Privacy Policies: Mobile money transactions are governed by your provider's privacy policy. We encourage you to review their terms.

9. Age Restrictions and Youth Protection

Minimum Age: Our platform is restricted to users 18 years and older. We do not knowingly collect data from minors.

Age Verification: We may request age verification documents during account registration.

Parental Notice: If you believe a minor has provided personal data to us, please contact us immediately for data removal.

Youth-Focused Messaging: While targeting young adults, we maintain strict age verification to comply with Ghanaian law.

10. Cross-Border Data Transfers

Data Location: Your data is primarily stored and processed within Ghana or in countries with adequate data protection standards.

International Transfers: If data must be transferred internationally, we ensure:

• Adequate protection through contractual safeguards
• Compliance with Ghana's data transfer requirements
• Your explicit consent when required

11. Data Breach Notification

Our Commitment: In case of a data breach affecting your personal data:

• We will notify the Data Protection Commission within 72 hours
• Affected users will be notified without undue delay
• We will provide clear information about the breach and our response
• Remedial actions will be taken to prevent future breaches

12. Updates to This Privacy Policy

Policy Changes: We may update this Privacy Policy to reflect:

• Changes in Ghanaian data protection laws
• New platform features or services
• Improved data protection practices
• User feedback and regulatory guidance

Notification Process:

• Email notification to all registered users
• In-platform notifications
• Updated "Last Modified" date
• 30-day notice period for material changes

13. Contact Information and Complaints

Data Protection Officer:

• Email: privacy@p2pdonate.gh
• Phone: +233 [Privacy Contact Number]
• Address: [Physical Address in Ghana]

General Support:

• Support tickets through the platform
• Email: support@p2pdonate.gh
• Response time: Within 48 hours

Regulatory Complaints: If unsatisfied with our response, you may file a complaint with:

• Data Protection Commission (Ghana)
• Website: [DPC Website]
• Email: [DPC Email]
• Phone: [DPC Phone]